tech-net archive
Re: IPv6: what is required of lower layers?
> In OpenVPN we've avoided all the drama related to ND by configuring
> the tun interfaces to IFF_POINTOPOINT|IFF_MULTICAST - so as far as
> the kernel is concerned, there is no neighbour discovery, just a dumb
> pipe "whatever is routed into the tun interface is sent to userland".

Perhaps I should try that. It's probably a holdover from the past; I
tend to think of POINTOPOINT interfaces as being inherently /32 (or
/128 for v6) on each end. But if it works to put a nontrivial netmask
on them, that may be worth doing.

However, a POINTOPOINT interface necessarily has a destination address.
I don't know what I'd specify for the destination address, since there
is no single peer whose address it makes sense to use on the tun.

> There is an additional quirk on all the BSDs regarding IPv6 packets
> on tun interfaces, as "default tun interfaces" are IPv4 only, and
> need the TUNSIFHEAD ioctl to enable "multi af mode" - which will add
> a 4-byte address family to each packet. I assume you already have
> that, otherwise you won't see anything ("this is what I started
> with"), but I thought I'd mention it.

I use TUNSLMODE instead, to get prepended destination addresses, rather
than TUNSIFHEAD's multi-AF mode. My if_tun.c has been significantly
worked over; I forget whether that was one of my changes. A quick look
at the commit makes me think not, but I'm not sure.

> [...] because multicast is oh so much better than just broadcast as
> ARP will do.

That reads as though you are sarcastically criticizing v6's use of
multicast. If so, I think that is at least partially unfair; multicast
_is_ better, in that, on multicast-capable media, it can reduce the
traffic third-party nodes have to deal with by a significant fraction.
With ARP, all nodes have to process (and, in most cases, discard) all
ARP requests. With multicast hardware and a decent IPv6-over-$MEDIA
design, there will be few-to-no false positives; in most cases, only
the target node has to even take an interrupt in response to a node
looking for a neighbour node.

If you have a medium which doesn't do multicast but does do broadcast,
you can, for example, specify that all v6 multicasts turn into
media-level broadcasts in your IPv6-to-$MEDIA layer.

I am not fond of the use of ICMP6 for neighbour discovery. Pulling
neighbour address resolution up into the IP layer strikes me as a wrong
choice. Perhaps I'm just ignorant of some tradeoffs....

/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
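
Added example, not part of the original message or of any project discussed in it: a userland check for frames read from a tun device in the TUNSIFHEAD "multi af mode" quoted above, which rejects truncated frames and frames whose 4-byte address family disagrees with the IP version nibble. The names tun_split_frame and make_frame are hypothetical, and the prefix is assumed to be in network byte order.

```c
#include <arpa/inet.h>   /* ntohl, htonl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>  /* AF_INET, AF_INET6 */

/* Hypothetical helper: split one frame read in multi-af mode into its
 * address family and the IP packet that follows the 4-byte prefix.
 * Returns the family, or -1 if the frame is truncated, carries an
 * unexpected family, or the family disagrees with the IP version nibble. */
int tun_split_frame(const uint8_t *buf, size_t len,
                    const uint8_t **pkt, size_t *pktlen)
{
    uint32_t af_be;

    if (len < sizeof af_be + 1)          /* prefix plus the version byte */
        return -1;
    memcpy(&af_be, buf, sizeof af_be);   /* avoid an unaligned load */
    uint32_t af = ntohl(af_be);          /* assumption: network byte order */
    unsigned version = buf[4] >> 4;

    /* Family and version must agree, and the fixed header must be present. */
    int ok = (af == (uint32_t)AF_INET  && version == 4 && len - 4 >= 20) ||
             (af == (uint32_t)AF_INET6 && version == 6 && len - 4 >= 40);
    if (!ok)
        return -1;

    *pkt = buf + 4;
    *pktlen = len - 4;
    return (int)af;
}

/* Constructed sample input: a zeroed packet of iplen bytes with the given
 * version nibble, preceded by the address-family prefix. */
size_t make_frame(uint8_t *out, uint32_t af, unsigned version, size_t iplen)
{
    uint32_t af_be = htonl(af);
    memcpy(out, &af_be, 4);
    memset(out + 4, 0, iplen);
    if (iplen)
        out[4] = (uint8_t)(version << 4);
    return 4 + iplen;
}

int main(void)
{
    uint8_t f[64]; const uint8_t *p; size_t n;
    size_t len = make_frame(f, AF_INET6, 6, 40);
    printf("v6 frame -> %d\n", tun_split_frame(f, len, &p, &n));
    len = make_frame(f, AF_INET6, 4, 40);
    printf("mismatch -> %d\n", tun_split_frame(f, len, &p, &n));
    return 0;
}
```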